Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/CrLfFoVkxJE0wnQTzu3RCpSQkyM.roa
File: CrLfFoVkxJE0wnQTzu3RCpSQkyM.roa (raw, json)
Hash identifier: 0FqI8PtNtoKXACjv14TpjaG5/X2H4h2YMLA/+p1t6VY=
Subject key identifier: 0A:B2:DF:16:85:64:C4:91:34:C2:74:13:CE:ED:D1:0A:94:90:93:23
Certificate issuer: /CN=8b82433ffe94bf3536fec327543d396158202072
Certificate serial: 019146DE001C827CC08D53B76D43ABA063A9
Authority key identifier: 8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/CrLfFoVkxJE0wnQTzu3RCpSQkyM.roa
Signing time: Mon 12 Aug 2024 13:53:59 +0000
ROA not before: Mon 12 Aug 2024 13:53:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 43838
IP address blocks: 217.12.40.0/24 maxlen: 24
217.12.42.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:46:de:00:1c:82:7c:c0:8d:53:b7:6d:43:ab:a0:63:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8b82433ffe94bf3536fec327543d396158202072
Validity
Not Before: Aug 12 13:53:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0ab2df168564c49134c27413ceedd10a94909323
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:78:2a:f9:58:b0:a8:00:42:37:29:07:e2:ec:
5f:5c:95:e7:36:46:34:9d:1a:f8:3b:2d:b0:e3:43:
4b:3a:73:3c:61:f2:95:b9:60:26:ea:15:4d:a5:4b:
26:ad:66:86:92:67:22:0b:1e:19:0c:84:bc:65:59:
d5:be:5b:d8:f6:66:0f:ef:07:39:c9:d8:b2:eb:89:
1f:e4:f3:21:33:f1:74:67:7d:7d:ba:5e:bc:33:09:
25:2d:04:35:58:5f:a6:7f:6e:5b:41:7c:13:70:5a:
78:33:04:41:28:09:a8:e7:c3:be:34:c4:38:57:6a:
b4:2a:7c:1d:84:83:02:e4:12:33:85:2a:89:ba:f1:
b9:ad:75:88:e3:c3:36:5e:0a:98:a0:1c:6a:b6:e4:
a6:e6:14:bd:3c:3a:54:03:3b:fc:47:09:b4:d9:9f:
de:20:94:8a:77:c6:70:83:16:c8:6c:9b:5a:21:4c:
c9:e6:43:f1:a0:a0:fd:fe:ca:4e:71:d1:77:38:50:
64:8a:78:f4:24:ad:31:7c:a1:de:df:82:b6:12:4c:
c6:ba:90:45:d3:3a:c2:69:8a:20:db:01:82:c6:58:
91:73:fb:c6:c5:eb:7c:c1:86:b9:62:cf:cf:d9:c6:
01:88:d8:85:4b:c0:79:77:2c:2a:48:b9:7e:1a:ca:
1f:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:B2:DF:16:85:64:C4:91:34:C2:74:13:CE:ED:D1:0A:94:90:93:23
X509v3 Authority Key Identifier:
keyid:8B:82:43:3F:FE:94:BF:35:36:FE:C3:27:54:3D:39:61:58:20:20:72
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i4JDP_6UvzU2_sMnVD05YVggIHI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/CrLfFoVkxJE0wnQTzu3RCpSQkyM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/f5593d-689c-4dfe-8d96-2dd7890dc689/1/i4JDP_6UvzU2_sMnVD05YVggIHI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
217.12.40.0/24
217.12.42.0/23
Signature Algorithm: sha256WithRSAEncryption
d2:b0:36:67:fd:a4:1f:81:12:84:87:80:d9:0e:02:93:36:17:
db:fa:15:f0:3d:45:af:d6:6b:67:61:a7:23:29:dc:bb:99:56:
11:ff:ad:da:a8:0c:6d:56:7b:e2:41:24:37:56:a0:d5:e7:5f:
76:f2:56:f3:33:2e:ee:46:b3:fa:97:87:94:54:e7:05:b4:0f:
41:be:a5:6e:07:8f:7c:e4:f2:0d:50:18:e2:cc:82:76:80:82:
12:93:a4:35:b4:38:55:a3:eb:24:a7:6f:fc:22:84:c1:00:ac:
69:06:a2:61:99:9e:29:b6:de:6f:19:78:75:3d:70:22:9f:e3:
14:f6:59:fb:32:51:7e:e1:ba:87:d8:e4:42:53:40:2f:2c:65:
06:6c:83:6b:70:5f:1e:d9:72:aa:8c:73:9f:59:6c:58:12:e0:
52:e4:35:05:31:9f:d9:88:00:33:7e:9c:8e:d2:0f:38:b9:3a:
50:ac:0f:c1:09:d7:ee:72:45:d3:6a:a6:c1:50:90:f3:0c:17:
ff:30:1a:64:c4:77:56:fa:84:10:6f:2a:f2:4e:8f:f2:80:45:
28:67:7a:40:10:cb:1d:83:94:5d:f9:4f:a9:4b:74:2c:70:c8:
a7:37:c7:e6:90:41:6c:a1:8c:6e:54:4e:3e:7f:82:ff:09:44:
2e:ef:d5:f2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFG3gAcgnzAjVO3bUOroGOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiODI0MzNmZmU5NGJmMzUzNmZlYzMyNzU0M2QzOTYxNTgy
MDIwNzIwHhcNMjQwODEyMTM1MzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWIyZGYxNjg1NjRjNDkxMzRjMjc0MTNjZWVkZDEwYTk0OTA5MzIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8ngq+ViwqABCNykH4uxfXJXnNkY0
nRr4Oy2w40NLOnM8YfKVuWAm6hVNpUsmrWaGkmciCx4ZDIS8ZVnVvlvY9mYP7wc5
ydiy64kf5PMhM/F0Z319ul68MwklLQQ1WF+mf25bQXwTcFp4MwRBKAmo58O+NMQ4
V2q0KnwdhIMC5BIzhSqJuvG5rXWI48M2XgqYoBxqtuSm5hS9PDpUAzv8Rwm02Z/e
IJSKd8ZwgxbIbJtaIUzJ5kPxoKD9/spOcdF3OFBkinj0JK0xfKHe34K2EkzGupBF
0zrCaYog2wGCxliRc/vGxet8wYa5Ys/P2cYBiNiFS8B5dywqSLl+GsofiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAqy3xaFZMSRNMJ0E87t0QqUkJMjMB8GA1UdIwQY
MBaAFIuCQz/+lL81Nv7DJ1Q9OWFYICByMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYt
MmRkNzg5MGRjNjg5LzEvQ3JMZkZvVmt4SkUwd25RVHp1M1JDcFNRa3lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy9mNTU5M2QtNjg5Yy00ZGZlLThkOTYtMmRkNzg5MGRjNjg5
LzEvaTRKRFBfNlV2elUyX3NNblZEMDVZVmdnSUhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQA2QwoAwQB
2QwqMA0GCSqGSIb3DQEBCwUAA4IBAQDSsDZn/aQfgRKEh4DZDgKTNhfb+hXwPUWv
1mtnYacjKdy7mVYR/63aqAxtVnviQSQ3VqDV51928lbzMy7uRrP6l4eUVOcFtA9B
vqVuB4985PINUBjizIJ2gIISk6Q1tDhVo+skp2/8IoTBAKxpBqJhmZ4ptt5vGXh1
PXAin+MU9ln7MlF+4bqH2ORCU0AvLGUGbINrcF8e2XKqjHOfWWxYEuBS5DUFMZ/Z
iAAzfpyO0g84uTpQrA/BCdfuckXTaqbBUJDzDBf/MBpkxHdW+oQQbyryTo/ygEUo
Z3pAEMsdg5Rd+U+pS3QscMinN8fmkEFsoYxuVE4+f4L/CUQu79Xy
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:19:06 2025 by rpki-client